A mobile device may exchange information with another device, such as a merchant device, in connection with a purchase transaction. For example, a user might interact with a smartphone application, and, as a result, the smartphone might transmit the user's credit card number and associated information to a merchant device to complete an online transaction. Because of the sensitive nature of the information being exchanged between the mobile device and the merchant device, the mobile device may include a Transport Layer Security (“TLS”) server to improve security. TLS is a cryptographic protocol that improves communication security over a network, such as the Internet, using certificates and key pairs to encrypt information.
In some cases, however, it is known that the security of a TLS server may be unknowingly compromised by malicious software. To keep communications between a mobile device and a merchant device secure, an “out of band” verification process can be implemented. For example, the user might need to place a telephone call to the merchant and provide a password. Such an approach, however, can be time consuming on inconvenient for users and may be impractical for some applications. As a result, systems and methods to improve security for mobile devices and/or online transactions may be desired.